adwind | 6989326966a8f4640f1e6e8de587481608a6228f1bac90d29252448c3a4e2801 | Triage

Sharing

General

Target

dwwww.jar
Size

639KB
Sample

250213-vw8p7a1mgy
MD5

3e90c45cd2db89f2d40af9a7c7a6c72c
SHA1

f128f1df2bcb95d79f8326ced327ac2a9128166f
SHA256

6989326966a8f4640f1e6e8de587481608a6228f1bac90d29252448c3a4e2801
SHA512

6c4ad0986b96dc0a16818d6fe25ec61b99091ae9828edd43569b9639637ef53ac45ad29b211cc246718e57b72223e4ef69df40e58ca173ff6cc6ab9244292e6c
SSDEEP

12288:GvT9Qx/nHxczh4V9Y14/gS/nRr+hrQNqzSg+FmRJY3QuA2JUSOJDIEh:GvhQhRcl4rj/gSZ2eqzzI9QuNJnOJDIg

Score

10^/10

adwind discovery persistence

Malware Config

Targets

- Target
  
  dwwww.jar
- Size
  
  639KB
- MD5
  
  3e90c45cd2db89f2d40af9a7c7a6c72c
- SHA1
  
  f128f1df2bcb95d79f8326ced327ac2a9128166f
- SHA256
  
  6989326966a8f4640f1e6e8de587481608a6228f1bac90d29252448c3a4e2801
- SHA512
  
  6c4ad0986b96dc0a16818d6fe25ec61b99091ae9828edd43569b9639637ef53ac45ad29b211cc246718e57b72223e4ef69df40e58ca173ff6cc6ab9244292e6c
- SSDEEP
  
  12288:GvT9Qx/nHxczh4V9Y14/gS/nRr+hrQNqzSg+FmRJY3QuA2JUSOJDIEh:GvhQhRcl4rj/gSZ2eqzzI9QuNJnOJDIg
Score

8^/10

discovery persistence
- Downloads MZ/PE file
- Adds Run key to start application
  persistence
behavioral1

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Modify Registry

Credential Access

Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

discoverypersistence